Caithness councillor Matthew Reiss is concerned about 'bizarre circumstances' which led to Thurso man's claims on data breaches
A Caithness councillor has expressed his concern about the "bizarre and very unusual circumstances" which led to a Thurso man receiving personal details about north patients and staff.
Matthew Reiss, a Thurso and Northwest Caithness Highland councillor, has contacted NHS Highland chief executive Pam Dudek to find out why it happened.
He wrote to her after Peter Todd claimed three data breaches were committed by the health authority. Mr Todd has referred the matter to the Information Commissioner's Office (ICO).
Mrs Dudek told the Thurso councillor there had been one data breach and pointed out that NHS Highland apologised to Mr Todd for including a letter with details of another patient within his mental health medical file. That was confirmed as a data breach and was reported by management to the ICO.
She said the other two incidents did not constitute data breaches.
One related to email correspondence from staff members and included "details of employees and summary information of complaints".
"The emails were checked prior to release and the content was not considered to be a risk as the information is publicly accessible," said Mrs Dudek.
She described the third incident as "a particularly unusual situation" which resulted in a piece of paper being included in a medical file which was sent to Mr Todd. It was an informal hand-written note with a name and date of birth as well as some "other words, scribblings and lines not related to anything specific".
Mrs Dudek said it is uncertain where the piece of paper came from but explained the data protection team found it did not "reach the threshold of a reportable data breach".
"We fully appreciate that anything with another person’s name and date of birth should not be available to another person and we are sorry that this has happened. Again, we continue to consider our processes in light of this event with the need to ensure we are robust," said Mrs Dudek.
She added: "We understand Peter’s concerns and appreciate this has been very unsettling for him, but I want to reassure him that all of his files have been fully checked and are in good order.
"We are working with the teams to ensure the standards of record keeping generally are adhered to, including auditing of files. We are taking this very seriously and it is clearly not a position to defend, even where not considered a data breach."
Cllr Reiss acknowledged that data protection legislation is complicated and can be "a minefield" but said the matter is "highly concerning for obvious reasons".
He said: "It is bizarre and very unusual for someone to get three separate sets of information that should not have been sent to them. I have asked the chief executive questions to help me understand what has happened and want to know what constitutes a breach of the rules."
Cllr Reiss also wants to find out if the data protection team is independent of NHS Highland and if they have "the necessary training" and are "adequately resourced" to do the work.
Mr Todd described the chief executive's findings as "contradictory". "She says it is not a breach of confidentiality but then says it shouldn't have happened."
He claims there are still questions to answer "as to where the mystery document came from" and said the situation is not helped by "the revolving door of locum psychiatrists that have covered Caithness in recent years".